Lucene search
K

67 matches found

OSV
OSV
added 2022/11/03 4:15 p.m.3 views

UBUNTU-CVE-2022-39376

GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Users may be able to inject custom fields values in mailto links. This issue has been patched, please...

6.5CVSS6.8AI score0.00477EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/11/03 12:0 a.m.6 views

GLPI 输入验证错误漏洞

GLPI is an open source IT and asset management software for individual developers. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner and ink...

6.5CVSS7.5AI score0.00477EPSS
Exploits0References2
CNVD
CNVD
added 2021/12/18 12:0 a.m.24 views

WordPress Get Custom Field Values plugin access control error vulnerability

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports setting up personal blogging sites on PHP and MySQL servers. Get Custom Field Values Plugin is a WordPress open source application plugin. WordPress Get Custom Field Values...

6.5CVSS2.9AI score0.00995EPSS
Exploits2References1
NVD
NVD
added 2021/12/13 11:15 a.m.14 views

CVE-2021-24871

The Get Custom Field Values WordPress plugin before 4.0.1 does not escape custom fields before outputting them in the page, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks...

5.4CVSS0.00684EPSS
Exploits2References1
NVD
NVD
added 2021/12/13 11:15 a.m.18 views

CVE-2021-24872

The Get Custom Field Values WordPress plugin before 4.0 allows users with a role as low as Contributor to access other posts metadata without validating the permissions. Eg. contributors can access admin posts metadata...

6.5CVSS0.00995EPSS
Exploits2References1
CVE
CVE
added 2021/12/13 10:41 a.m.37 views

CVE-2021-24872

The CVE-2021-24872 entry concerns the WordPress Get Custom Field Values plugin, prior to version 4.0, where users with a low-privilege role (as low as Contributor) can access other posts’ metadata without permission checks. The root cause is an access-control flaw that allows metadata exposure ac...

6.5CVSS6.3AI score0.00995EPSS
Exploits2References1Affected Software1
CNNVD
CNNVD
added 2021/12/13 12:0 a.m.4 views

WordPress 插件安全漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports setting up personal blogging sites on PHP and MySQL servers. Get Custom Field Values Plugin is a WordPress open source application plugin. WordPress Get Custom Field Values...

6.5CVSS5.6AI score0.00995EPSS
Exploits2References2
CNNVD
CNNVD
added 2021/12/13 12:0 a.m.4 views

WordPress 插件跨站脚本漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. Get Custom Field Values Plugin is a WordPress open source application plugin. WordPress Get Custom Field Values Plugin...

5.4CVSS5.7AI score0.00684EPSS
Exploits2References2
Patchstack
Patchstack
added 2021/11/09 12:0 a.m.20 views

WordPress Get Custom Field Values plugin <= 3.9.4 - Arbitrary Post Metadata Access vulnerability

Arbitrary Post Metadata Access vulnerability discovered by Francesco Carlucci in WordPress Get Custom Field Values plugin versions = 3.9.4. Solution Update the WordPress Get Custom Field Values plugin to the latest available version at least 4.0...

6.5CVSS3.6AI score0.00995EPSS
Exploits2References3Affected Software1
CNNVD
CNNVD
added 2021/07/21 12:0 a.m.7 views

Combodo iTop 安全漏洞

Combodo iTop is a French company Combodo ITIL-based development and for the daily operation of the IT environment of open source Web applications. The program provides incident management, configuration management and problem management. Combodo iTop version 2.7.4 prior to a security vulnerabilit...

7.7CVSS6.4AI score0.00779EPSS
Exploits0References3
NVD
NVD
added 2021/05/24 5:15 p.m.31 views

CVE-2021-32624

Keystone 5 is an open source CMS platform to build Node.js applications. This security advisory relates to a newly discovered capability in our query infrastructure to directly or indirectly expose the values of private fields, bypassing the configured access control. This is an access control...

7.5CVSS0.00864EPSS
Exploits0References1
Cvelist
Cvelist
added 2021/05/24 4:55 p.m.36 views

CVE-2021-32624 Private Field data leak

Keystone 5 is an open source CMS platform to build Node.js applications. This security advisory relates to a newly discovered capability in our query infrastructure to directly or indirectly expose the values of private fields, bypassing the configured access control. This is an access control...

7.5CVSS7.5AI score0.00864EPSS
Exploits0References1
Typo3
Typo3
added 2019/01/22 12:0 a.m.10 views

Multiple vulnerabilities in extension "femanager" (femanager)

It is possible to bypass configured server side validation rules which allows an attacker to create frontend user records with invalid data. Also, the eID script allows an attacker to set various validators using GET parameters resulting in information disclosure of field values from the feusers...

6.3AI score
Exploits0Affected Software1
OSV
OSV
added 2017/09/18 12:29 a.m.4 views

UBUNTU-CVE-2017-14528

The TIFFSetProfiles function in coders/tiff.c in ImageMagick 7.0.6 has incorrect expectations about whether LibTIFF TIFFGetField return values imply that data validation has occurred, which allows remote attackers to cause a denial of service use-after-free after an invalid call to TIFFSetField,...

6.5CVSS6.7AI score0.02616EPSS
Exploits1References4
Veracode
Veracode
added 2017/01/09 7:51 a.m.19 views

Information Disclosure

Plone is vulnerable to information disclosure. z3c.form, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain the default form field values by leveraging knowledge of the form location and the element id...

4.3CVSS5.8AI score0.01231EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2014/06/09 7:55 p.m.18 views

CVE-2013-1973

The autocomplete callback in Autocomplete Widgets for Text and Number Fields autocompletewidgets module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.0-rc1 does not properly handle node permissions, which allows remote authenticated users to obtain sensitive field values via unspecified vectors...

4CVSS6.1AI score0.01094EPSS
Exploits0References5
Atlassian
Atlassian
added 2014/02/06 9:27 a.m.17 views

Improve filter behaviour: auto-complete should not give away field values

h4. Context When using JQL with auto-complete switched on, searching for fields will always list global values. For instance, when using the IN operator in JQL, auto-complete will "give away" values for the majority of fields. Given that for each individual project there are schemes restricting o...

1.2AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2014/02/06 9:27 a.m.19 views

Improve filter behaviour: auto-complete should not give away field values

panel:bgColor=e7f4fa NOTE: This suggestion is for JIRA Server. Using JIRA Cloud? See the corresponding suggestion|http://jira.atlassian.com/browse/JRACLOUD-36881. panel h4. Context When using JQL with auto-complete switched on, searching for fields will always list global values. For instance, wh...

1.2AI score
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2013/10/31 12:0 a.m.31 views

Bugzilla < 4.0.11 / 4.2.7 / 4.4.1 Multiple Vulnerabilities

According to its banner, the version of Bugzilla installed on the remote host is affected by multiple vulnerabilities : - A cross-site request forgery vulnerability exists due to a flaw in token validation in 'processbug.cgi'. Note that this only affects versions 4.4rc1 to 4.4. CVE-2013-1733 - A...

6.8CVSS5.2AI score0.02824EPSS
Exploits3References10
Nmap
Nmap
added 2013/07/06 2:39 p.m.220 views

http-stored-xss NSE Script

Unfiltered '' greater than sign. An indication of potential XSS vulnerability. See also: http-dombased-xss.nse http-phpself-xss.nse http-xssed.nse http-unsafe-output-escaping.nse Script Arguments http-stored-xss.formpaths The pages that contain the forms to exploit. For example, /upload.php,...

10CVSS9.1AI score0.99448EPSS
Exploits33
Rows per page
Query Builder